upstream: permitlisten option for authorized_keys; ok markus@

OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
author: djm@openbsd.org <djm@openbsd.org> 2018-06-06 18:23:32 +0000
committer: Damien Miller <djm@mindrot.org> 2018-06-07 04:27:20 +1000
commit: 93c06ab6b77514e0447fe4f1d822afcbb2a9be08 (patch)
tree: 86b19179eaa51962f0dae9ab02d6d37197942265 /auth.c
parent: 115063a6647007286cc8ca70abfd2a7585f26ccc (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/auth.c b/auth.c
index 573cd03b0..0424f1f79 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.129 2018/06/01 03:33:53 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -1005,17 +1005,20 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
        int do_env = options.permit_user_env && opts->nenv > 0;
        int do_permitopen = opts->npermitopen > 0 &&
            (options.allow_tcp_forwarding & FORWARD_LOCAL) != 0;
+        int do_permitlisten = opts->npermitlisten > 0 &&
+            (options.allow_tcp_forwarding & FORWARD_REMOTE) != 0;
        size_t i;
        char msg[1024], buf[64];
        snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
        /* Try to keep this alphabetically sorted */
-        snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s",
+        snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
            opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
            opts->force_command == NULL ? "" : " command",
            do_env ?  " environment" : "",
            opts->valid_before == 0 ? "" : "expires",
            do_permitopen ?  " permitopen" : "",
+            do_permitlisten ?  " permitlisten" : "",
            opts->permit_port_forwarding_flag ? " port-forwarding" : "",
            opts->cert_principals == NULL ? "" : " principals",
            opts->permit_pty_flag ? " pty" : "",
@@ -1049,12 +1052,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
        }
        if (opts->force_command != NULL)
                debug("%s: forced command: \"%s\"", loc, opts->force_command);
-        if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) {
+        if (do_permitopen) {
                for (i = 0; i < opts->npermitopen; i++) {
                        debug("%s: permitted open: %s",
                            loc, opts->permitopen[i]);
                }
        }
+        if (do_permitlisten) {
+                for (i = 0; i < opts->npermitlisten; i++) {
+                        debug("%s: permitted listen: %s",
+                            loc, opts->permitlisten[i]);
+                }
+        }
 }
 /* Activate a new set of key/cert options; merging with what is there. */
author	djm@openbsd.org <djm@openbsd.org>	2018-06-06 18:23:32 +0000
committer	Damien Miller <djm@mindrot.org>	2018-06-07 04:27:20 +1000
commit	93c06ab6b77514e0447fe4f1d822afcbb2a9be08 (patch)
tree	86b19179eaa51962f0dae9ab02d6d37197942265 /auth.c
parent	115063a6647007286cc8ca70abfd2a7585f26ccc (diff)